For those of you who know me, Henry was my basset hound, and the fictitious name used during (ahem) special research. I'm a former intelligence officer, a professional analyst, and a blogger since 2004 writing about my experiences on the journey -- information security, cyber intelligence, education, thoughts. Some love my writings, others hate them. If you like it, follow me!

Saturday, January 19, 2013

Cyber Security Intelligence - Live, Real Time, Right now.

I love this. Clear, succinct. It’s what we are. It’s what Red Sky Alliance does all day, every day. I’m the geek in this operation. My sales skills aren’t everything they could be (not necessarily a bad thing), but we pushed through 2012 successfully.

Yesterday I was doing the third interview with a new Business Development Executive that we were looking at for new member recruitment. As part of the interview, I asked him “In your words, what’s the value?” He replied, without missing a beat -- it’s live. Red Sky isn’t a movie that was recorded live but played over and over, it’s live. It’s conversations and actions that members can use now.. in real time, talking to others, seeing what’s happening in real time. I could see it in his eyes. The light bulb had gone off and was fueled by the contagion we all feel when we realize just how powerful a community such as our two (Red Sky and Beadwindow) can be... I think our new membership guy defined our new company slogan.. Cyber Security Intelligence - Live, Real Time, Right now!

BT BT

Intelligence Analysis Report 13-001 (IAR 13-001) released: Over the course of the last couple of months we’ve been working with one of our members in analyzing and authoring an in-depth analysis of one of the most prolific and damaging APT groups out there today. The group claims thousands of jump points into and out of thousands of commercial, defense, and government targets, including, we believe, much of the chemical sector last year, well known IT security companies, and dozens of others, stealing enormous amounts of valuable intellectual property from each as they’ve ravaged their way through cyberspace over the course of the last couple of years. We labeled this report ‘Intelligence Analysis Report 13-001’. It’s a little different than one of our Fusion Reports. The IAR focuses more on the people, how they work, and what they want. The report consisted of over 20 pages of high-level analysis on tools, targeting, infrastructure and identifying information on suspected actors.

Other happenings:

0-day: Red Sky analyzed a recent 0-day. Feedback from one member confirmed that analysis from Red Sky enabled this member to mitigate the activity from this 0-day on his company’s network.

New Associate Member: This week we’re joined by a newcomer to the security intelligence space - Exodus Intelligence. Exodus is this cool little company that does 0-day research, selling subscriptions to finished reporting to their subscribers. For those of you who don’t know what an 0-day is, an 0-day (zero day, or oh day) is a new vulnerability that isn’t yet published in the wild. The Exodus team is now in Red Sky, and will be interacting directly with our Alliance, providing real time 0-day discovery, discussions and participating in our crowdsourced analytic intelligence engine.

New folks: As mentioned above, we’d posted three positions on UpLadders last week. In the few days the ad was running, we had probably 25 applicants before we turned the ads off. In the end, I’m happy to report, we have extended offers, and all three have accepted. Two of these new folks are linguists and one deep technical. Our first two start on 2/4, and the third, during the first week in March.

Beadwindow: We’re working contractual language with our first Federal Government Beadwindow member, and we’re hoping to have them in very soon.

A quick admin note: I’m sad to say, Dave Chauvette, our Director of Academic Services, has left Red Sky to pursue activities more in line with his long-term interests. Please direct any messaging regarding internships to me.

Oh, and before I forget -- an update on my piece from last week. Remember that CIO with his head in the sand? I gave him a threat brief... went to his office, sat side by side with him, and gave him a threat brief to show him what's going on around him. The outcome? He's agreed to use an outsider for incident response and triage analysis. His Carbon Black server should be arriving tomorrow.

If you're interested in having your CIO, CEO, or management team receive our threat brief, please drop us a note. We'd be happy to set something up online, or in person. We've got qualified people in New England, DC and St. Louis, MO areas and would be happy to arrange a time.

So, another fantastic week in Red Sky Alliance!

Until next time,
Have a great week!
Jeff